Server Load Balancer:Best practices for migrating Layer 7 listeners from CLB to ALB by using a wizard

Limits

By default, the wizard for migration from CLB to ALB is disabled. If you want to use this wizard, perform the following operations: Log on to the Quota Center console. In the left-side navigation pane, choose Products > Privileges. On the Privileges page, enter slb_user_visible_gray_label/clone_clb in the Quota ID field to search for the privilege, and then click Apply in the Actions column. For more information, see Manage ALB quotas.

CLB instances that the migration wizard supports

• Internal-facing IPv4 CLB instances that are deployed in virtual private clouds (VPCs) and for which Layer 7 HTTP or HTTPS listeners are configured

• Internet-facing IPv4 CLB instances for which Layer 7 HTTP or HTTPS listeners are configured

CLB instances that the migration wizard does not support

The migration wizard does not support the following types of CLB instances. We recommend that you manually migrate the CLB instances. For more information, see Best practices for manually migrating Layer 7 listeners from CLB to ALB.

• CLB instances for which no HTTP or HTTPS listeners are configured

• Internal-facing CLB instances that are deployed on the classic network

• IPv6 CLB instances

Usage notes

• You cannot use the migration wizard in a region that is not supported by ALB. For more information about the regions that are supported by ALB, see Supported regions and zones.

• The configurations of WAF cannot be migrated. If WAF is enabled for a CLB instance, you must manually enable WAF for the destination ALB instance after the migration is complete. We recommend that you enable WAF 3.0 for a new ALB instance. For more information, see Activate and manage WAF-enabled ALB instances.

• The threshold-triggered alert rules that are configured for a CLB instance cannot be migrated. After the migration is complete, you can configure the alert rules for the destination ALB instance by using the CloudMonitor console, calling API operations, or using SDKs. For more information, see Configure alert rules for ALB metrics.

• Anti-DDoS is enabled by default. The configurations that are used to increase the Anti-DDoS protection threshold cannot be migrated. After the migration is complete, you can manually increase the Anti-DDoS protection threshold in the Traffic Security console.

• Access control configurations cannot be migrated. You can configure access control for the destination ALB instance after the migration is complete. For more information, see Network ACLs.

• You must manually specify a server certificate and a certificate authority (CA) certificate for an HTTPS listener.

• Configurations of the primary and secondary server groups of a CLB instance cannot be migrated to an ALB instance.

• The backend servers of an internal-facing CLB instance can be directly migrated to an ALB instance. The backend servers of an Internet-facing CLB instance cannot be migrated to an ALB instance. The system creates a server group in the VPC in which the ALB instance resides during the migration. You must manually add backend servers to the server group. The backend servers must reside in the same VPC as the ALB instance.

Billing

You can use the migration wizard free of charge. However, you are charged for the ALB instance that is created during the migration based on the ALB billing rules.

For more information about ALB billing rules, see ALB billing rules.

For more information about CLB billing rules, see the following topic:

• Pay-as-you-go

Prerequisites

• A Layer 7 HTTP or HTTPS listener is configured for the CLB instance to be migrated.

• Relevant Elastic Compute Service (ECS) instances are created. In this example, four ECS instances are used.

  • ECS instances that host business applications: ECS01 and ECS02 that are used as backend servers

  • ECS instances that are used for testing: ECS03 that is used to perform traffic tests before the migration and ECS04 that is used to verify the access traffic during the migration

    If you have existing ECS instances for testing, you do not need to create ECS03 or ECS04.

Step 1: Use the migration wizard in the console

1. Use one of the following methods to go to the migration wizard.

   Method 1: Go to the migration wizard in the CLB console

   1. Log on to the CLB console.

   2. In the top navigation bar, select the region in which the CLB instance resides.

   3. In the left-side navigation pane, choose CLB (FKA SLB) > Instances. On the Instances page, find the CLB instance that you want to migrate and click the ID of the instance.

   4. On the instance details page, click the Migration Wizard tab, read the confirm message, and then click Migrate to ALB.

   Method 2: Go to the migration wizard in the ALB console

   1. Log on to the ALB console.

   2. In the top navigation bar, select the region in which the CLB instance resides.

   3. In the left-side navigation pane, choose ALB > Instances. On the Instances page, click Migrate from CLB to ALB.

   4. In the Migrate from CLB to ALB dialog box, read the confirm message, select the CLB instance that you want to migrate, and then click Open Migration Wizard.

2. In the Review Configurations step, confirm the basic information of the CLB instance and the predefined configurations of the ALB instance, configure the items marked with for all listeners, select the check box for Confirm system-modified configurations, and then click Next.

   • : the item that you need to manually configure.

   • : the item that is automatically modified by the system.

   You can click Modify Listener and Modify Certificate to modify the configurations of the ALB listeners. You can modify certificates only for HTTPS listeners.

3. In the Create Instance step, configure the VPC and vSwitch to which the ALB instance belongs, and click Next.

   Parameter	Description
   VPC	If you migrate an internal-facing CLB instance, the ALB instance is created in the same VPC as the CLB instance by default. If you migrate an Internet-facing CLB instance, you need to manually configure a VPC for the ALB instance.
   Zone	Select a zone and a vSwitch. ALB supports multi-zone deployment. If the selected region supports two or more zones, select at least two zones to ensure the high availability of your service. ALB does not charge additional fees. Select a vSwitch in each zone that you selected. If no vSwitch is available, create a vSwitch as prompted. Optional: If you migrate an Internet-facing CLB instance, you must select an EIP in the selected zone. If no EIP is available in the selected zone, you can select Purchase EIP. Then, the system automatically creates an EIP that uses the pay-as-you-go billing method and the pay-by-data-transfer metering method and associates the EIP with the ALB instance. The EIP uses BGP (Multi-ISP) lines and is protected by Anti-DDoS Origin Basic. You can also associate an existing EIP with the ALB instance. Important You can associate only pay-as-you-go (pay-by-data-transfer) EIPs that are not associated with Internet Shared Bandwidth instances with an ALB instance. The EIPs allocated to different zones of the same ALB instance must be of the same type.

4. In the Confirm Order step, confirm the configurations of the ALB instance, select the check boxes in the Pricing/Billing and Terms of Service sections, and then click Next.

5. In the Complete step, wait until the migration task is complete. Then, you can perform the following operations.

   The migration task takes about 1 to 10 minutes to complete. Resource Orchestration Service (ROS) is used to perform the migration task. You can go to the ROS console to view the execution process of the task in the relevant stack.

   • Click View ALB Instance to go to the details page of the ALB instance.

   • Click CLB Instance List to go to the CLB instance list.

   • Click ALB Instance List to go to the ALB instance list.

6. After the migration task is complete, check whether the ALB instance has backend servers.

   1. In the left-side navigation pane, choose ALB > Instances.

   2. On the Instances page, find the ALB instance and click the ID of the instance.

   3. On the instance details page, click the Listener tab. On the Listener tab, find the listener that you want to manage and click View Details in the Actions column.

   4. On the Listener Details tab, click View/Modify Backend Server in the Server Group (Default Forwarding Rule) section. You are navigated to the Backend Servers tab. On the Backend Servers tab, check whether the ALB instance has backend servers.

      If the ALB instance does not have backend servers, click Add Backend Server to add at least two backend servers to the ALB instance and deploy applications on each backend server. This ensures that the ALB instance can forward access requests from clients. In this example, ECS01 and ECS02 are added to the ALB instance as backend servers.

      • For more information about how to create an ECS instance, see Create an instance by using the wizard.

      • The following sample commands are used to deploy test applications on ECS01 and ECS02:

        Commands for deploying an application on ECS01

        yum install -y nginx
        systemctl start nginx.service
        cd /usr/share/nginx/html/
        echo "Hello World ! This is ECS01." > index.html
        

        Commands for deploying an application on ECS02

        yum install -y nginx
        systemctl start nginx.service
        cd /usr/share/nginx/html/
        echo "Hello World ! This is ECS02." > index.html
        

Step 2: Perform traffic tests

(Optional) Enable the access log feature

ALB and Simple Log Service provide the access log feature that allows you to monitor the loads of ALB instances and identify issues.

1. Log on to the ALB console.

2. In the top navigation bar, select the region in which the ALB instance resides.

3. In the left-side navigation pane, choose ALB > Instances. On the Instances page, find the ALB instance that you want to manage and click the ID of the instance.

4. On the instance details page, click the Access Logs tab. On the Access Logs tab, click Create Access Log.

5. In the Create Access Log dialog box, configure the Project and Logstore parameters, and click OK. In the message that appears, click OK.

   Parameter	Description
   Project	The Simple Log Service project that is used to isolate and manage resources. Valid values: Select Project: Select a project from the drop-down list. Create Project: Enter a project name in the field. A project is automatically created.
   Logstore	The Logstore that is used to collect, store, and query logs in Simple Log Service. Valid values: Select Logstore: Select a Logstore from the drop-down list. Create Logstore: Enter a Logstore name in the field. A Logstore is automatically created. If you select Create Project, you must select Create Logstore.
   Notes on Creating Service-linked Role	When you perform this operation, a service-linked role is automatically created.

Test traffic

1. Log on to ECS03. For more information, see Methods for connecting to an ECS instance.

   Note

   In this example, a public IP address is assigned to ECS03 when the instance is purchased.

2. Run the following command to open the hosts file:

   sudo vi /etc/hosts

   Add the EIP and domain name of the ALB instance to the hosts file. After the modification is complete, save and close the file.

   118.XX.XX.113 www.example.net

3. Run the following command to check whether the ALB instance can forward traffic as expected:

   curl -v www.example.net

   The following figure shows the test result.

   

4. Optional. Return to the ALB console, go to the Access Logs tab on the details page of the ALB instance, and then click the link on the right side of the Simple Log Service to view the access logs.

   In the Simple Log Service console, you can view the run logs of the domain name- or URL-based forwarding rules of the ALB instance based on fields such as request_uri, http_host, upstream_addr, and status.

Step 3: Migrate traffic to the ALB instance

Step 1: Configure a temporary domain name for the CLB instance

1. Log on to the Alibaba Cloud DNS console.

2. On the Authoritative DNS Resolution page, find and click the domain name www.example.net. The domain name points to the CLB instance.

3. On the DNS Settings tab of the domain name details page, click Add DNS Record. In the Add DNS Record panel, configure the following parameters and click OK.

   Parameter	Description
   Record Type	Select CNAME from the drop-down list.
   Hostname	Enter the prefix of your domain name. In this example, www is entered.
   DNS Request Source	Select Default.
   Record Value	Enter a temporary domain name. In this example, web0.example.net is entered.
   TTL	Specify a time to live (TTL) value for the CNAME record. The TTL determines the time period that the record is cached on the DNS server. The TTL is set to 5 seconds in this example.

4. On the DNS Settings tab, find the A record that points to the IP address of the CLB instance and click Modify in the Actions column.

5. In the Modify DNS Record panel, modify the Hostname parameter and click OK. In this example, the Hostname parameter is set to web0. The other parameters are not modified.

Step 2: Add a CNAME record for the ALB instance

1. On the Domain Name Resolution page, find and click the domain name www.example.net. This domain name points to the IP address of the CLB instance.

2. On the DNS Settings tab of the domain name details page, click Add DNS Record. In the Add DNS Record panel, configure the following parameters and click OK.

   Parameter	Description
   Record Type	Select CNAME from the drop-down list.
   Hostname	Enter the prefix of the domain name. In this example, www is entered.
   DNS Request Source	Select Default.
   Record Value	Enter the CNAME. The CNAME is the domain name of the ALB instance.
   TTL	Specify a TTL value for the CNAME record. The TTL determines the time period that the record is cached on the DNS server. The TTL is set to 5 seconds in this example.

Step 3: Configure weights to perform a canary release

1. On the Authoritative DNS Resolution page, find and click the instance ID of the domain name that you want to manage.

2. Click the Weight Settings tab, find the domain name that you want to manage, and click Set Weight in the Actions column.

   To configure weights for different DNS records of the same domain name, make sure that the DNS records have the same type, hostname, and ISP line. The supported record types are A, CNAME, and AAAA.

3. In the Set Weight panel, configure the weights of the DNS records for the CLB and ALB instances. Set the weight of the DNS record for the CLB instance to 100. Set the weight of the DNS record for the ALB instance to 0.

   

4. Gradually reduce the weight of the DNS record for the CLB instance and gradually increase the weight of the DNS record for the ALB instance. Make sure that your services are not affected.

5. Log on to ECS04 that resides in the same VPC as the ALB instance and run the dig command multiple times to verify the traffic migration result.

   Note

   A public IP address is assigned to ECS04 and dig is installed on ECS04 by running the yum install bind-utils command.

   dig www.example.net

   The following figures show the results. The results show that requests are forwarded to the ALB and CLB instances based on the weights of the DNS records.

Step 4: Complete traffic migration

Based on the traffic test result, gradually reduce the weight of the DNS record for the CLB instance to 0 and gradually increase the weight of the DNS record for the ALB instance to 100. After you perform the preceding operations, traffic is migrated from the CLB instance to the ALB instance. When all persistent connections to the CLB instance are closed and no new traffic is sent to the CLB instance, you can monitor the CLB instance for a period of time and then release the CLB instance. For more information about how to release a CLB instance, see Create and manage a CLB instance.